Skip to content

Commit a686962

Browse files
CopilotMossaka
Copilot
and
Mossaka
authored
refactor: remove --enable-chroot flag, make chroot mode always-on (#714)
* Initial plan * refactor: remove --enable-chroot flag, make chroot mode always-on Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com> * refactor: remove --enable-chroot from tests, docs, and workflows Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com> * refactor: clean up comments referencing optional chroot mode Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com> * fix: post-process all agentic workflows to use --build-local Chroot mode is now always-on, which requires the container image to be built from the current source (matching entrypoint.sh). The 13 agentic workflows (security-guard, ci-doctor, etc.) were still using --image-tag 0.13.12 --skip-pull with pre-built GHCR images from before the chroot-always-on change. Add all agentic workflow lock files to the post-processing script and run it to replace --image-tag/--skip-pull with --build-local, remove sparse-checkout (full repo needed for npm build), and replace the install step with local build steps. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com> Co-authored-by: Jiaxiao (mossaka) Zhou <duibao55328@gmail.com>
1 parent abaf8dc commit a686962

50 files changed

Lines changed: 674 additions & 629 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.claude/skills/awf-skill/SKILL.md

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -96,7 +96,6 @@ Container Options:
9696
Advanced Options:
9797
--ssl-bump Enable HTTPS content inspection
9898
--allow-urls <urls> URL patterns for SSL Bump (requires --ssl-bump)
99-
--enable-chroot Enable chroot for host binaries
10099
101100
Debugging Options:
102101
--log-level <level> Log level: debug, info, warn, error
@@ -195,11 +194,11 @@ sudo awf --allow-domains github.com \
195194
-- cat /data/config.json
196195
```
197196

198-
### 6. Use Chroot Mode for Host Binaries
197+
### 6. Use Host Binaries (Chroot Mode is Always On)
199198

200199
```bash
201-
# Access host Python, Node, Go, etc.
202-
sudo awf --enable-chroot --allow-domains api.github.com \
200+
# Access host Python, Node, Go, etc. (chroot mode is the default)
201+
sudo awf --allow-domains api.github.com \
203202
-- python3 -c "import requests; print(requests.get('https://api.github.com').status_code)"
204203
```
205204

.github/workflows/build-test-bun.lock.yml

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.github/workflows/build-test-cpp.lock.yml

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.github/workflows/build-test-deno.lock.yml

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.github/workflows/build-test-dotnet.lock.yml

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.github/workflows/build-test-go.lock.yml

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)